/**   
 * Copyright © 2016 深圳市欧唯科技有限公司. All rights reserved.
 * 
 * @Title: MyRolesAuthorizationFilter.java 
 * @Prject: Web
 * @Package: com.adv.shiro 
 * @Description: TODO
 * @author: WUQINGLONG   
 * @date: 2016年9月7日 下午2:20:17 
 * @version: V1.0   
 */
package com.adv.shiro;

import java.util.Set;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * @ClassName: MyRolesAuthorizationFilter
 * @Description: TODO
 * @author: WUQINGLONG
 * @date: 2016年9月7日 下午2:20:17
 */
public class AnyRolesAuthorizationFilter extends AuthorizationFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		Subject subject = getSubject(request, response);
		String[] rolesArray = (String[]) mappedValue;

		if (rolesArray == null || rolesArray.length == 0) {
			return true;
		}

		Set<String> roles = CollectionUtils.asSet(rolesArray);
		for (String role : roles) {
			if (subject.hasRole(role)) {
				return true;
			}
		}
		return false;
	}

}
